Overview

File harden_postfix.service.patch of Package postfix

Index: postfix-SUSE/postfix.service
===================================================================
--- postfix-SUSE/postfix.service.orig
+++ postfix-SUSE/postfix.service
@@ -19,6 +19,24 @@ After=amavis.service mysql.service cyrus
 Conflicts=sendmail.service exim.service
 
 [Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+
+# Needed write permissions for /etc/aliases.* or /etc/aliases.lmdb
+# https://bugzilla.opensuse.org/show_bug.cgi?id=1191988
+#ProtectSystem=full
+#ReadWritePaths=/etc/postfix
+
+ProtectHome=false
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions 
 Type=forking
 PIDFile=/var/spool/postfix/pid/master.pid
 ExecStartPre=-/bin/echo 'Starting mail service (Postfix)'
openSUSE Build Service is sponsored by
Places